  • Stars: 141
  • Rank 254,755 (Top 6 %)
  • Language: C++
  • Created almost 12 years ago
  • Updated over 5 years ago

Repository Details

Proof of concept implementation of an in-memory PE Loader based on the ReflectiveDLLInjection technique

PE Loader Sample

In-memory execution of PE executables:

  • Self Relocation
  • Memory Mapping
  • IAT Processing
  • Relocation
  • Control Transfer

This project aims to implement a complete PE Loader capable of loading all PE and PE+ executables. The current version should be considered a PoC only, as it does not handle all practical cases.

TODO:

  • Handle Import Forwarding
  • Bound Imports
  • Is it possible to relocate a PE if the relocation table is not included? Hack++?
  • Most Important: Documentation of the PE Loading Process

Thanks

  • Special thanks to Stephen Fewer of Harmony Security for the Reflective DLL Injection paper and implementation. The IAT processing and Relocation code in this project is taken from the ReflectiveDLL Loader implementation.

  • sincoder for ideas on Self Relocation.

More Repositories

  1. reverse-engineering-and-malware-analysis (137 stars): Course content and slides from my ancient training on Reverse Engineering & Malware Analysis
  2. pwnworks (Shell, 63 stars): Exploitation challenges for CTF
  3. afl-in-the-cloud (HCL, 31 stars): Proof of concept implementation of fuzzing workload using AFL as the fuzzer and Terraform to codify infrastructure
  4. wireplay (Shell, 24 stars): The TCP Session Replay Tool
  5. supply-chain-security-gateway (Go, 23 stars): Reference architecture and proof of concept implementation for supply chain security gateway
  6. afl-fuzzing-workshop (C, 21 stars): An introductory workshop to getting started with fuzzing using american fuzzy lop (AFL)
  7. RandomCode (Ruby, 17 stars): Random Code Store
  8. Penovox (C++, 9 stars): Generic Hidden Code Extraction using Dynamic Binary Instrumentation
  9. dns-graph (JavaScript, 5 stars): Collection of tools for visualising and correlating DNS data for security use-cases using FDNS data set.
  10. container-image-scanner-api (Go, 5 stars): A minimalist Go API to scan Docker images for security vulnerabilities and weaknesses
  11. asn-search-api (Go, 3 stars): A Golang API over MaxMind ASN database
  12. EasyOLE (C++, 3 stars): A C/C++ Library for OLE Client Development
  13. kubernetes-BOFH-guide (Shell, 3 stars): Self-hosting Kubernetes for fun and profit
  14. eos-india (C, 2 stars): Legacy code and stuff from eos-india.net
  15. netmon (C, 2 stars): Netmon - The HIPS wannabe
  16. telegram-bot-corona-virus-india (JavaScript, 2 stars): Telegram bot for Corona Virus (COVID-19) information in India
  17. jadx-docker (Dockerfile, 1 star): Docker container builder for JADX Decompiler
  18. codeql-uboot (CodeQL, 1 star)
  19. go-microservice-starter (Go, 1 star): An opinionated Microservice starter in Go
  20. coolpad_note3 (1 star): Coolpad Note 3 Analysis and Development
  21. abhisek.github.io (CSS, 1 star)
  22. abhisek (1 star)
  23. isha-photo-workflow (JavaScript, 1 star): Rails based Web App implementing Photo Management workflow at Isha Foundation